4.6.10.4 Instance Manager User and Password Management

Important

MySQL Instance Manager has been deprecated and is removed in
MySQL 5.5.

The Instance Manager stores its user information in a password
file. On Windows, the default is
mysqlmanager.passwd in the directory where
Instance Manager is installed. On Unix, the default file is
/etc/mysqlmanager.passwd. To specify a
different location for the password file, use the
--password-file option.

If the password file does not exist or contains no password
entries, you cannot connect to the Instance Manager.

Note

Any Instance Manager process that is running to monitor server
instances does not notice changes to the password file. You
must stop it and restart it after making password entry
changes.

Entries in the password file have the following format, where
the two fields are the account user name and encrypted password,
separated by a colon:

petr:*35110DC9B4D8140F5DE667E28C72DD2597B5C848

Instance Manager password encryption is the same as that used by
MySQL Server. It is a one-way operation; no means are provided
for decrypting encrypted passwords.

Instance Manager accounts are associated with a user name
and password only.

This means that a client can connect to Instance Manager with a
given user name from any host. To limit connections so that
clients can connect only from the local host, start Instance
Manager with the
--bind-address=127.0.0.1
option so that it listens only to the local network interface.
Remote clients will not be able to connect. Local clients can
connect like this:

shell> mysql -h 127.0.0.1 -P 2273

Before MySQL 5.1.12, the only option for creating password file
entries is
--passwd,
which causes Instance Manager to prompt for user name and
password values and display the resulting entry. You can save
the output in the /etc/mysqlmanager.passwd
password file to store it. Here is an example:

At the prompts, enter the user name and password for the new
Instance Manager user. You must enter the password twice. It
does not echo to the screen, so double entry guards against
entering a different password than you intend (if the two
passwords do not match, no entry is generated).

The preceding command causes the following line to be added to
/etc/mysqlmanager.passwd:

mike:*BBF1F551DD9DD96A01E66EC7DDC073911BAD17BA

Use of the --password
option fails if mysqlmanager is invoked
directly from an IBM 5250 terminal. To work around this, use a
command like the following from the command line to generate the
password entry:

The output from the command can be used an entry in the
/etc/mysqlmanager.passwd file.

Beginning with MySQL 5.1.12, the
--passwd
option is renamed to
--print-password-line and
there are several other options for managing user accounts from
the command line. For example, the
--username and
--password options are
available on the command line for specifying the user name and
password for an account entry. You can use them to generate an
entry with no prompting like this (type the command on a single
line):

--print-password-line
causes Instance Manager to send the resulting account entry to
its output, which you can append to the password file. The
following list describes other account-management options that
cause Instance Manager to operate directly on the password file.
(These options make Instance Manager scriptable for
account-management purposes.) For operations on the password
file to succeed, the file must exist and it must be accessible
by Instance Manager. (The exception is
--clean-password-file,
which creates the file if it does not exist. Alternatively, if
there is no password file, manually create it as an empty file
and ensure that its ownership and access modes permit it to be
read and written by Instance Manager.) The default password file
is used unless you specify a
--password-file option.

To ensure consistent treatment of the password file, it should
be owned by the system account that you use for running Instance
Manager to manage server instances, and you should invoke it
from that account when you use it to manage accounts in the
password file.

Create a new user:

mysqlmanager --add-user --username=user_name [--password=password]

This command adds a new entry with the given user name and
password to the password file. The
--username (or
-u) option is required.
mysqlmanager prompts for the password if
it is not given on the command line with the
--password (or
-p) option. The command fails if the user
already exists.

Drop an existing user:

mysqlmanager --drop-user --username=user_name

This command removes the entry with the given user name from
the password file. The user name is required. The command
fails if the user does not exist.

Change the password for an existing user:

mysqlmanager --edit-user --username=user_name [--password=password]

This command changes the given user's password in the
password file. The user name is required.
mysqlmanager prompts for the password it
is not given on the command line. The command fails if the
user does not exist.

List existing users:

mysqlmanager --list-users

This command lists the user names of the accounts in the
password file.

Check the password file:

mysqlmanager --check-password-file

This command performs a consistency and validity check of
the password file. The command fails if there is something
wrong with the file.

Empty the password file:

mysqlmanager --clean-password-file

This command empties the password file, which has the effect
of dropping all users listed in it. The option creates the
password file if it does not exist, so it can be used to
initialize a new password file to be used for other
account-management operations. Take care not to use this
option to reinitialize a file containing accounts that you
do not want to drop.